| The length of time (in minutes) without a failed logon attempt after which the count of failed logon attempts is cleared.

The value of the HackResetTime field should be in the range of 1-120 minutes.

Default Value: 30 minutes
|

|-
| locationobjectid
| Read Only
| String(36)
| The unique identifier of the Location object to which this credential policy belongs.

The default value is the delivery location for this virtual machine system.
|

|-
| locationURI
| Read Only
| Strings
| Specifies the URI of locations
|

|-
| LockoutDuration
| Read/Write
| Integer
| The length of time (in minutes) that a user who is locked out must wait until they can attempt to access the system again with this credential.

The value should be in the range of 0-1440 minutes. A value of "0" means the user is locked out until the credential/account is unlocked by an administrator.

Default Value: 30 minutes
|

|-
| MaxDays
| Read/Write
| Integer
| The maximum number of days before the credential must be changed.

The default value is 180 days when creating a credential policy associated with user accounts that do NOT have administrative access or privileges (i.e., normal user account with voice mail subscription).

The default value is 120 days when creating a credential policy associated with user accounts that have administrative access and privileges.

The value of the MaxDays field should be in the range of 0-3563 days. A value of "0" means the credential will never expire.
|

|-
| MaxHacks
| Read/Write
| Integer
| The maximum number of failed logon attempts (hacks) before action is taken. If the number of invalid attempts exceeds this limit, the account is locked out.

The value of this field should be in the range of 0-100. A value of "0" means an unlimited number of logon attempts (i.e., no lockout) are allowed.

Default Value: 3
|

|-
| MinLength
| Read/Write
| Integer
| The minimum number of characters or digits (PIN) required for the password. The value of this field should be in the range 1-64.

A value of "0" means a blank credential (that is, no password or PIN) is allowed.

Default Value: 8 characters
|

|-
| PrevCredCount
| Read/Write
| Integer
| Stores the specified number of previous credentials for a user and compares a new credential with them. The new credential must not match any of the previous credentials stored in the history.

If enabled, Unity Connection will verify that the credential meets the criteria as specified by the type of credential:

Password (GUI):

• The password must contain at least three of the following four character types: an uppercase character, a lowercase character, a number, or a symbol.
• The password cannot contain the user alias or its reverse.
• The password cannot contain the primary extension or any alternate extensions.
• A character cannot be used more than three times consecutively (for example, !Cooool).
• The characters cannot all be consecutive, in ascending or descending order (for example, abcdef or fedcba).

PIN (TUI):

• PIN cannot match the numeric representation of the first or last name of the user.
• PIN cannot contain the primary extension or alternate extensions of the user.
• PIN cannot contain the reverse of the primary extension or alternate extensions of the user.
• PIN cannot contain groups of repeated digits, such as "408408" or "123123."
• PIN cannot contain only two different digits, such as "121212."
• A digit cannot be used more than two times consecutively (for example, "28883").
• PIN cannot be an ascending or descending group of digits (for example, "012345" or "987654").
• PIN cannot contain a group of numbers that are dialed in a straight line on the keypad when the group of digits equals the minimum credential length that is allowed (for example, if 3 digits are allowed, the user could not use "123," "456," or "789" as a PIN).
|

|-
| DisplayName
| Read/Write
| String(64)
| The unique text name (for example, "Administrator Password Policy") of the credential policy to be used when displaying entries in the administrative console, e.g. Cisco Unity Connection Administration.
|

|-
| MinDuration
| Read/Write
| Integer
| The minimum number of minutes that must pass from the time of the last change before the credential can be changed.

The range of this field can vary from 0 to 129600 minutes. A value of "0" means that there are no restrictions on how often the user can change the credential.

Default Value: 1440 minutes.

Note: The minimum duration between credential changes is specified in minutes while the expiry warning days is expressed in terms of days.
|

|-
| ExpiryWarningDays
| Read/Write
| Integer
| The number of days prior to the expiration of a credential when Unity Connection begins prompting a user to change their credential upon logon, until the change is made. The ExpiryWarningDays field should be set to a value less than the MaxDays field, because the warning must occur before expiration.

A value of "0" means that a user will not be prompted to change their credential prior to its expiration.
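The PIN (TUI) rules listed in the table can be expressed as a checker. The following is an added example, not Cisco's implementation: the function names and reason labels are hypothetical, and two readings are assumptions, namely that a "group of repeated digits" is three or more digits immediately repeated, and that a "straight line" covers keypad rows, columns and diagonals.

```python
import re

# Letter-to-digit mapping of a standard telephone keypad, used for the name rule.
KEYPAD = {ch: digit for digit, letters in {
    "2": "abc", "3": "def", "4": "ghi", "5": "jkl",
    "6": "mno", "7": "pqrs", "8": "tuv", "9": "wxyz"}.items() for ch in letters}
# Assumption: "straight line" covers keypad rows, columns and diagonals.
LINES = ["123", "456", "789", "147", "2580", "369", "159", "357"]

def name_to_digits(name):
    return "".join(KEYPAD.get(ch, "") for ch in name.lower())

def is_sequence(pin):
    # True when every digit is exactly one above, or one below, its predecessor.
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def has_keypad_line(pin, min_length):
    # The rule applies to runs whose length equals the minimum credential length.
    if min_length < 2:
        return False
    for line in LINES:
        for run in (line, line[::-1]):
            for i in range(len(run) - min_length + 1):
                if run[i:i + min_length] in pin:
                    return True
    return False

def trivial_pin_reasons(pin, first_name, last_name, extensions, min_length):
    """Return labels for every PIN (TUI) rule from the table that `pin` violates."""
    if not re.fullmatch(r"[0-9]+", pin):
        raise ValueError("PIN must consist of digits only")
    checks = [
        (pin in (name_to_digits(first_name), name_to_digits(last_name)), "matches-name"),
        (any(e and e in pin for e in extensions), "contains-extension"),
        (any(e and e[::-1] in pin for e in extensions), "contains-reversed-extension"),
        # Assumption: a "group" is 3+ digits immediately repeated, as in "408408".
        (re.search(r"(\d{3,})\1", pin) is not None, "repeated-group"),
        (len(set(pin)) <= 2, "only-two-digits"),
        (re.search(r"(\d)\1\1", pin) is not None, "digit-repeated-3x"),
        (is_sequence(pin), "sequence"),
        (has_keypad_line(pin, min_length), "keypad-line"),
    ]
    return [label for failed, label in checks if failed]

if __name__ == "__main__":
    # Constructed sample user and PINs, including the examples quoted in the table.
    for sample in ("408408", "121212", "28883", "012345", "602914"):
        print(sample, trivial_pin_reasons(sample, "John", "Smith", ["4023"], 6))
```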
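The ranges and "0" semantics in the table lend themselves to an automated review of a credential policy. This added example (not part of the CUPI documentation or Cisco code) audits a policy held as a dict of integers keyed by the field names above; the function name, finding labels and sample policies are constructed for illustration.

```python
# Documented ranges from the table above: field -> (low, high).
RANGES = {
    "HackResetTime": (1, 120),
    "LockoutDuration": (0, 1440),
    "MaxDays": (0, 3563),
    "MaxHacks": (0, 100),
    "MinLength": (1, 64),
    "MinDuration": (0, 129600),
}
# Fields where the table says a value of 0 switches the control off.
DISABLED_AT_ZERO = {
    "MaxDays": "credential never expires",
    "MaxHacks": "unlimited logon attempts, no lockout",
    "MinLength": "blank credential allowed",
}

def audit_policy(policy):
    """Return (field, kind, message) findings for one credential policy dict."""
    findings = []
    for field, (low, high) in RANGES.items():
        if field not in policy:
            continue
        value = policy[field]  # assumed to be an int already
        if value == 0 and field in DISABLED_AT_ZERO:
            findings.append((field, "weak", DISABLED_AT_ZERO[field]))
        elif not low <= value <= high:
            findings.append((field, "range", f"{value} outside {low}-{high}"))
    # Cross-field rule: the warning must start before the credential expires.
    warn, max_days = policy.get("ExpiryWarningDays"), policy.get("MaxDays")
    if warn is not None and max_days and warn >= max_days:
        findings.append(("ExpiryWarningDays", "range",
                         f"{warn} is not less than MaxDays {max_days}"))
    return findings

# Constructed samples: the first uses the documented defaults (ExpiryWarningDays
# is a made-up value), the second disables or misconfigures several controls.
DEFAULT_LIKE = {"HackResetTime": 30, "LockoutDuration": 30, "MaxDays": 180,
                "MaxHacks": 3, "MinLength": 8, "MinDuration": 1440,
                "ExpiryWarningDays": 15}
WEAKENED = {"HackResetTime": 0, "LockoutDuration": 2000, "MaxDays": 0,
            "MaxHacks": 0, "MinLength": 0, "MinDuration": 0,
            "ExpiryWarningDays": 200}

if __name__ == "__main__":
    for name, policy in (("default-like", DEFAULT_LIKE), ("weakened", WEAKENED)):
        print(name, audit_policy(policy))
```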

Latest revision as of 13:39, 9 September 2013


About CUPI Authentication and Authorization

CUPI uses the same authentication and authorization scheme that the administration console uses. This means that the objects an administrator has access to when authenticated are determined by the roles to which the administrator is assigned.

CUPI authenticates by using standard HTTPS and Basic authentication, so that credentials can be passed by using typical mechanisms to send username and password via HTTP headers.
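Because Basic authentication only Base64-encodes the username and password, HTTPS is what keeps them confidential in transit. The client sketch below is an added example, not code from the CUPI documentation: it builds the header, shows that it decodes back to the credentials, and refuses to attach it to a non-HTTPS URL. The host name, path and account values used with it are placeholders.

```python
import base64
import ssl
import urllib.request
from urllib.parse import urlsplit

def basic_auth_header(username, password):
    """Build the Authorization header value for HTTP Basic authentication."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_basic_auth(header_value):
    """Recover (username, password): Base64 is an encoding, not encryption."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    username, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return username, password

def build_cupi_request(url, username, password):
    """Prepare a GET request, refusing to attach credentials to a non-HTTPS URL."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send Basic credentials over a non-HTTPS URL")
    request = urllib.request.Request(url, method="GET")
    request.add_header("Authorization", basic_auth_header(username, password))
    return request

def send(request, timeout=10):
    """Send the request with certificate and hostname verification left enabled."""
    context = ssl.create_default_context()
    with urllib.request.urlopen(request, timeout=timeout, context=context) as resp:
        return resp.status, resp.read()

if __name__ == "__main__":
    # Placeholder server, path and account; nothing is sent over the network here.
    req = build_cupi_request("https://cuc.example.com/vmrest/users", "operator", "S3cret!")
    print(req.get_header("Authorization"))
    print(decode_basic_auth(req.get_header("Authorization")))
```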